File name:

2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/57169c70-7b8e-482a-8ada-3d80de8aab49
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: May 17, 2025, 09:48:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
neconyd
ransomware
birele
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

377F3CF9C9F6537FDCE4B4FE4F76364E

SHA1:

8A0247BA51F5247DAB6B2F1D0B043DE46D19E12D

SHA256:

C477038F67AE3F05FE09670E7722325864038C87DF35B6FE884D94D01358F132

SSDEEP:

3072:FR65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9da0:FmqaRRRZ/MnA3cQYFCOzv3AVXVx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Neconyd has been detected

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 8180)
      • omsecor.exe (PID: 7520)

    • Connects to the CnC server

      • omsecor.exe (PID: 8180)
      • omsecor.exe (PID: 7520)

  • SUSPICIOUS

    • Application launched itself

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 7448)
      • omsecor.exe (PID: 8160)
      • omsecor.exe (PID: 7520)

    • Executes application which crashes

      • omsecor.exe (PID: 7448)
      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 8160)

    • Executable content was dropped or overwritten

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)

    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)

    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 8180)
      • omsecor.exe (PID: 7520)

  • INFO

    • Checks supported languages

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)
      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 7448)
      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8160)
      • omsecor.exe (PID: 8180)

    • The sample compiled with english language support

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)

    • Creates files or folders in the user directory

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)
      • WerFault.exe (PID: 7208)
      • WerFault.exe (PID: 7596)
      • WerFault.exe (PID: 7612)

    • Reads the computer name

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)

    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)

    • Checks proxy server information

      • omsecor.exe (PID: 8180)
      • slui.exe (PID: 8092)
      • omsecor.exe (PID: 7520)

    • Reads the software policy settings

      • slui.exe (PID: 8092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 06:17:44+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
11
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
7208C:\WINDOWS\SysWOW64\WerFault.exe -u -p 8160 -s 352C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7356"C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe" C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7376C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7448C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7520C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7596C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7448 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7612C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7356 -s 356C:\Windows\SysWOW64\WerFault.exe2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
8092C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
8160C:\Users\admin\AppData\Roaming\omsecor.exe /nomoveC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
9 219
Read events
9 213
Write events
6
Delete events
0

Modification events

(PID) Process:(7520) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7520) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7520) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(8180) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(8180) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(8180) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
1
Suspicious files
9
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
7596WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_68195e55ef2d9217276a7e894e3f13a24e24d377_e1d8e39c_3ef47170-423f-40f5-97d8-81f38c42c0fd\Report.wer
MD5:
SHA256:
7612WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-17_377f3_b764a6c210ed95a858871458421ecaf54a543797_5008d4c7_d6bb0153-49f5-4f78-b18b-df19b9ab7d34\Report.wer
MD5:
SHA256:
7208WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_68195e55ef2d9217276a7e894e3f13a24e24d377_e1d8e39c_5cea7c63-ab13-4b71-8493-4bf700998387\Report.wer
MD5:
SHA256:
7596WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERD488.tmp.dmpbinary
MD5:8378815A13EF9E06F3DF4573C8C98B2C
SHA256:A874680EDBF3A4CFBDA927E1B5B16DF1D2A12C2C0639612538BF01C8004157B9
7596WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERD5A3.tmp.xmlxml
MD5:EEB845523016A343ABD763232082B87A
SHA256:96AF9A6416326FF64425BFDCCAB0D602F4420ABCA8BC74AA9F972AE71FEEBFA6
7612WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERD469.tmp.dmpbinary
MD5:A28AEDEDD5506CFD88CACAD80BB648F2
SHA256:BD4D0A55CD98D1DB091E5CA74D4EA487971428C519DEAF2CFE88388212E79386
7612WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERD5C2.tmp.WERInternalMetadata.xmlbinary
MD5:25ED370CB49234D6E7596503ACC5050B
SHA256:B971ADA7AF59696268125148EFB6CD6DE3858FF961872A5FE4ACF982EFDD9351
73762025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\AppData\Roaming\omsecor.exeexecutable
MD5:DA4B4092CE26CBAB9700EE58042ED54C
SHA256:8C7D22731BE23E465538C345776C246405E11341DC49131C1C77DD569EAFA814
7596WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.7448.dmpbinary
MD5:D2A41C83D26B6805A0CA9E10D1DB66E9
SHA256:B6CC12F4DD6E78D48F706C0DA05A1B2369D2400B33C967C86405C2D3345D0A96
7612WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe.7356.dmpbinary
MD5:A3E738F1FCEAF29DD06860A0824E64A6
SHA256:3A8301CB5017E9BE981A9D95A8E282CD950CFAE6CB137B80B2313F07527F90F1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
35
DNS requests
8
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7520
omsecor.exe
GET
200
44.247.155.67:80
http://ow5dirasuek.com/787/667.html
unknown
malicious
4212
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
304
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/439/575.html
unknown
malicious
2104
svchost.exe
GET
200
2.16.168.124:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/627/545.html
unknown
malicious
7520
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/806/195.html
unknown
malicious
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/226/821.html
unknown
malicious
8180
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/545/489.html
unknown
malicious
8180
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/992/87.html
unknown
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4212
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7520
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
2104
svchost.exe
2.16.168.124:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
4212
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
4
System
192.168.100.255:137
whitelisted
7520
omsecor.exe
75.2.18.233:80
mkkuei4kdsz.com
AMAZON-02
US
malicious

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
lousta.net
  • 193.166.255.171
malicious
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
ow5dirasuek.com
  • 44.247.155.67
malicious
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

PID
Process
Class
Message
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
8180
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
8180
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader